QoS s Mangle na RouterOS

QoS s Mangle na RouterOS
« kdy: 16. 09. 2012, 22:57:27 »
Ahojte, snazim sa nejako rozumne rozbehat qos na routeros(mikrotik), len ako si sa mi nedari....takto zatial vyzera moj pocin s mangle, lenze po nahodeni su vysoke pingy a rychlost ide pomaly....viete niekto poradit kde je chyba? dakujem..:

Kód: [Vybrat]
add action=add-dst-to-address-list address-list=p2p-downloaders \
    address-list-timeout=5h chain=forward comment=\
    "Markovanie p2p-downloaderov" disabled=no in-interface=ether1 p2p=all-p2p \
    src-address-list=!p2p-downloaders
add action=add-src-to-address-list address-list=skype address-list-timeout=1h \
    chain=forward comment=skype disabled=no layer7-protocol=skypenack \
    packet-size=39 protocol=udp
add action=mark-connection chain=forward comment=p2p disabled=no \
    new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorrent new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorent2 new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=udp
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=tcp
add action=jump chain=forward connection-mark=p2p_conn disabled=no \
    jump-target=P2P
add action=mark-connection chain=forward comment=Games disabled=no \
    layer7-protocol=worldofwarcraft new-connection-mark=games_conn \
    passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no layer7-protocol=counterstrike-source new-connection-mark=\
    games_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    27015-27020,27050,28959-28961 protocol=udp
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    55901,55919 protocol=tcp
add action=jump chain=forward connection-mark=games_conn disabled=no \
    jump-target=GAMES
add action=mark-connection chain=prerouting comment=download-servers \
    disabled=yes in-interface=ether1 new-connection-mark=\
    download-servers-in-conn passthrough=yes src-address-list=\
    download-servers
add action=mark-packet chain=prerouting connection-mark=\
    download-servers-in-conn disabled=yes new-packet-mark=download-servers \
    passthrough=no
add action=mark-connection chain=prerouting comment=linux disabled=yes \
    in-interface=ether1 new-connection-mark=Linux_conn passthrough=yes \
    src-address-list=Linux
add action=mark-packet chain=prerouting connection-mark=Linux_conn disabled=\
    yes new-packet-mark=Linux passthrough=no
add action=mark-connection chain=prerouting comment=Porn disabled=yes \
    in-interface=ether1 new-connection-mark=Porn_conn passthrough=yes \
    src-address-list=Porn
add action=mark-packet chain=prerouting connection-mark=Porn_conn disabled=\
    yes new-packet-mark=Porn passthrough=no
add action=mark-connection chain=prerouting comment=facebook_in disabled=yes \
    in-interface=ether1 new-connection-mark=facebook-in-conn passthrough=yes \
    src-address-list=facebook
add action=mark-packet chain=prerouting connection-mark=facebook-in-conn \
    disabled=yes new-packet-mark=facebook-in passthrough=no
add action=mark-connection chain=forward comment=ShareServers disabled=no \
    new-connection-mark=ShareServers_conn passthrough=yes src-address-list=\
    ShareServers
add action=mark-connection chain=forward connection-mark=!ShareServers_conn \
    disabled=no new-connection-mark=ShareServers_conn passthrough=yes \
    src-address-list=untitled
add action=jump chain=forward connection-mark=ShareServers_conn disabled=no \
    jump-target=SHARESERVERS
add action=mark-connection chain=forward comment=speedtests disabled=no \
    new-connection-mark=speedtests_conn passthrough=yes src-address-list=\
    speedtests
add action=jump chain=forward connection-mark=speedtests_conn disabled=no \
    jump-target=SPEEDTESTS
add action=mark-connection chain=forward comment=\
    "PRIOR(high priority services)" disabled=no new-connection-mark=\
    prior_conn passthrough=yes port=25,53,110 protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    prior_conn passthrough=yes protocol=icmp
add action=mark-connection chain=forward connection-mark=!prior_conn \
    disabled=no new-connection-mark=prior_conn passthrough=yes port=53 \
    protocol=udp
add action=jump chain=forward connection-mark=prior_conn disabled=no \
    jump-target=PRIOR
add action=mark-connection chain=forward comment=Video-net disabled=no \
    new-connection-mark=video_conn passthrough=yes src-address-list=video_net
add action=mark-connection chain=forward connection-mark=!video_conn \
    disabled=no new-connection-mark=video_conn passthrough=yes port=1935 \
    protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    video_conn passthrough=yes port=554 protocol=tcp
add action=jump chain=forward connection-mark=video_conn disabled=no \
    jump-target=VIDEO
add action=mark-connection chain=forward comment=VOIP disabled=no \
    layer7-protocol=skypetoskype new-connection-mark=voip_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!voip_conn \
    connection-rate=0-50k disabled=no new-connection-mark=voip_conn \
    passthrough=yes protocol=udp src-address-list=skype
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=sip new-connection-mark=voip_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=skypeout new-connection-mark=voip_conn passthrough=no
add action=jump chain=forward connection-mark=voip_conn disabled=no \
    jump-target=VOIP
add action=mark-connection chain=forward comment=HTTP connection-mark=no-mark \
    disabled=no new-connection-mark=http_conn passthrough=yes port=26-443,80 \
    protocol=tcp
add action=jump chain=forward connection-mark=http_conn disabled=no \
    jump-target=HTTP
add action=mark-connection chain=forward comment=FTP disabled=no \
    new-connection-mark=ftp_conn passthrough=yes port=20-21 protocol=tcp
add action=jump chain=forward connection-mark=ftp_conn disabled=no \
    jump-target=FTP
add action=mark-connection chain=forward comment=INTERNET-OTHER \
    connection-mark=no-mark disabled=no new-connection-mark=\
    internet-other_conn passthrough=yes
add action=jump chain=forward connection-mark=internet-other_conn disabled=no \
    jump-target=INTERNET-OTHER
add action=mark-packet chain=P2P comment=P2P disabled=no in-interface=ether1 \
    new-packet-mark=p2p_in passthrough=yes
add action=mark-packet chain=P2P disabled=no new-packet-mark=p2p_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=GAMES comment=GAMES disabled=no in-interface=\
    ether1 new-packet-mark=games_in passthrough=yes
add action=mark-packet chain=GAMES disabled=no new-packet-mark=games_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=SHARESERVERS comment=SHARESERVERS disabled=no \
    in-interface=ether1 new-packet-mark=shareservers_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=ShareServers_up_conn \
    disabled=yes new-packet-mark=Shareservers_up passthrough=no
add action=mark-packet chain=SPEEDTESTS comment=SPEEDTESTS disabled=no \
    in-interface=ether1 new-packet-mark=speedtests_in passthrough=no
add action=mark-packet chain=SPEEDTESTS disabled=no new-packet-mark=\
    speedtests_out out-interface=ether1 passthrough=no
add action=mark-packet chain=PRIOR comment="PRIOR(high priority services)" \
    disabled=no in-interface=ether1 new-packet-mark=prior_in passthrough=no
add action=mark-packet chain=PRIOR disabled=no new-packet-mark=prior_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VIDEO comment=VIDEO disabled=no in-interface=\
    ether1 new-packet-mark=video_in passthrough=no
add action=mark-packet chain=VIDEO disabled=no new-packet-mark=video_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VOIP comment=VOIP disabled=no in-interface=\
    ether1 new-packet-mark=voip_in passthrough=no
add action=mark-packet chain=VOIP disabled=no new-packet-mark=voip_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=HTTP comment=HTTP disabled=no in-interface=\
    ether1 new-packet-mark=http_in passthrough=no
add action=mark-packet chain=HTTP disabled=no new-packet-mark=http_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=FTP comment=FTP disabled=no in-interface=ether1 \
    new-packet-mark=ftp_in passthrough=no
add action=mark-packet chain=FTP disabled=no new-packet-mark=ftp_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=INTERNET-OTHER comment=INTERNET-OTHER disabled=\
    no in-interface=ether1 new-packet-mark=internet-other_in passthrough=no
add action=mark-packet chain=INTERNET-OTHER disabled=no new-packet-mark=\
    internet-other_out out-interface=ether1 passthrough=no
« Poslední změna: 17. 09. 2012, 12:27:32 od Petr Krčmář »


Re:Pomoc s mangle na router OS...
« Odpověď #1 kdy: 17. 09. 2012, 11:39:11 »
Vraj je treba vsade pouzit passthrough=no, lenze v tom pripade mi to mnozstvo trafficu nemarkuje.
Mal som to povodne v pre/postroutingu, co si myslite, v com je vhodnejsie urobit tieto iste pravidla? forward alebo pre/postroutingu?
Na tom istom stroji sa sucasne robi NAT, firewall a qos....